Arena Ransomware

Arena Ransomware is a malicious computer infection that targets your wallet. The program is there to encrypt your files and wait until you pay the ransom. Needless to say, you should not do anything of the kind. While it is not possible to decrypt the affected files at the moment, it should not stop you from removing Arena Ransomware from your system. You can find the manual removal instructions at the bottom of this article. As for your files, you can easily get them back if you have a backup drive. If not, you might have them saved someplace else.

Judging from the research our team has done, Arena Ransomware is another version of the Crysis Ransomware. It is a new variation of the original infection we covered more than a year ago. The original infection is known as a dangerous computer security threat that encrypts files of all extensions for all programs, thus making it impossible to run any program again. The only thing the original ransomware would not encrypt was the Internet Explorer browser, and that was probably because it still needed a gateway to the Internet for ransom collection. Seeing how dangerous the original infection is, it is logical to expect similar things from Arena Ransomware as well.

Normally, ransomware infections spread through spam email attachments, but computer security researchers have not yet been able to determine how this program travels around. Seeing that the original Crysis Ransomware used to get distributed via Remote Desktop Protocol, it would not be surprising if this application also got in through a hacked Remote Desktop connection to infect your computer. This also means that the ransomware would be installed manually, and it might be hard to avoid it if the hackers have locked on to you. Nevertheless, exercising the most common secure web browsing habits should decrease the possibility of a ransomware infection.

At first, users may not realize that their PC’s security has been compromised, but once the encryption is complete, they will see that they cannot open their files any more. Also, it will be very easy to recognize the encrypted files because they will have a very long extension added to their filenames. For instance, a flower.jpg could end up being named flower.id-XXXXXXXX.[chivas@aolonline.top].arena, the XXXXXXXX being an 8-character alphanumeric ID every single infected computer gets. Needless to say, these IDs are all unique because the infection’s command and control center needs to differentiate between infected systems.
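The naming pattern described above can be turned into a read-only triage scan. The following is an added example, not code from the original article: it walks a directory tree, matches names of the form `<name>.id-<8 alphanumeric characters>.[<email>].arena`, and reports the name that preceded the appended suffix along with the ID. The function names and the ID `1A2B3C4D` are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# Pattern from the article: <name>.id-<8 alphanumeric chars>.[<contact email>].arena
ARENA_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z]{8})"
    r"\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.arena$",
    re.IGNORECASE,
)

def parse_arena_name(filename):
    """Return (original_name, victim_id, contact) for a renamed file, else None."""
    m = ARENA_RE.match(filename)
    return (m["original"], m["victim_id"], m["contact"]) if m else None

def scan_tree(root):
    """Walk root (read-only) and return (path, original, victim_id, contact) per hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_arena_name(name)
            if parsed:
                hits.append((os.path.join(dirpath, name), *parsed))
    return hits

def summarize(hits):
    """Count hits per ID; the article says each infected computer gets one ID."""
    return Counter(h[2] for h in hits)

def demo():
    """Build a constructed sample tree of empty files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Pictures"))
        samples = [
            "Pictures/flower.id-1A2B3C4D.[chivas@aolonline.top].arena",
            "report.docx.id-1A2B3C4D.[chivas@aolonline.top].arena",
            "notes.txt",                  # untouched file
            "arena.id-123.[x@y].arena",   # ID is not 8 characters: no match
        ]
        for rel in samples:
            open(os.path.join(root, rel), "w").close()
        hits = scan_tree(root)
        return sorted(h[1] for h in hits), summarize(hits)

if __name__ == "__main__":
    originals, per_id = demo()
    print(originals, dict(per_id))
```

Pointing `scan_tree` at a user profile or a file share gives a quick count of affected files and the names to look for in a backup.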

Obviously, Arena Ransomware also displays the ransom note that says the following:

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e0mail chivas@aolonline.top
Write this ID in the title of your message XXXXXXXX
In case of no answer in 24 hours write us to theese e-mails: chivas@aolonline.top

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

As you can see, there is a contradiction in the message. Judging from the wording, it is possible that the main email server can go down, but Arena Ransomware does not provide a working secondary email address. Instead, the same address is entered twice. This shows that there is a very good possibility that the hackers would not give you the decryption tool even if you were to pay the ransom. Not to mention that there is always a chance their command and control center goes down and you need to deal with this on your own.

Please remove Arena Ransomware from your system immediately and do not even consider paying these crooks. After manual removal, scan your PC with a licensed antispyware tool that will help you locate other potential threats that could be present in your system. Finally, contact a professional technician who could consult you on the issue or check whether your Shadow Copies are intact. Sometimes the malware fails to encrypt or delete them. If that is the case, you can easily restore your files. If not, it should be possible to get at least some of your files back from your mobile device, your cloud storage, or any other place where you have recently saved your newest documents.